Hacker Breaks Down Hacking Scenes From Movies & TV
Released on 04/29/2021
[piano music]
Keeps rewriting itself to counter my commands.
This has something to do with computers.
Hack 'em all.
Hi, I'm Samy Kamkar.
[Narrator] Samy is the co-founder of OpenPath Security
and a computer hacker.
I'm back to talk about more hacking scenes
in TV shows and movies.
Breaking into a government system, The X-Files.
This has something to do with computers, the internet.
Actually the ARPANET.
You can access it through the internet.
I want to believe, but this clip isn't too realistic.
ARPANET is essentially what the internet came from.
DARPA, the U.S. government agency created ARPANET
and that bubbled into the internet
and became publicly available.
When the X-Files came out,
ARPANET was no longer in existence.
Isn't there something you could-
I mean how do you say it, hack into?
I'm sorry, I think this is the end of the line.
How you say, that's what she says.
She says, How you say, hack.
[Samy laughs]
How do you say it, hack into.
But How you say is what you say in other languages
when you don't know.
Right?
[computer beeps]
What did you do?
Oh, it's a government system,
I know a couple of logging out tricks with VMS version five.
If you're using a password that you know,
then I don't really consider that hacking.
[tense music]
[Woman] What is that?
It's an encrypted file.
[computer beeps]
Why would your three year old have an encrypted file
in a secret defense department database?
Can you decode it?
There's another issue here
in that they find a file that's encrypted,
that by itself is not too unrealistic.
They're showing the file in ASCII format.
Can you print it out for me?
But when you print it out,
that's going to be useless information.
And that's because many of the characters
that would be in an encrypted file
are not visible in an ASCII format.
So you end up with things like periods,
which may or may not be a period
or it could be a totally different character or byte.
So your ex-boyfriend is into computers.
I would totally say that.
Wait, your boyfriend's into computers?
I should meet him.
[Samy laughs]
Locking down a system, Jurassic Park.
[computer beeps]
[tense music]
[computer beeps]
Five, four.
[door hisses]
In this clip, it looks like Newman,
you know who I mean.
Newman!
Is kind of running around,
activating or deactivating certain types of locks.
But, at some point, someone else tries to run a command,
like access grid, and that causes an access denied.
But then he gets a series of messages.
So, this doesn't look too realistic,
just on the fact that he's getting access denied messages
without a password.
And he's also then getting a message in a loop,
which is just less likely to happen in a realistic scenario.
This reminds me of some of the clips
that we saw in the first technique critique
when we were seeing, really,
just a lot of pop-ups that would occur.
Stop the popups.
[Samy laughs]
And a lot of videos typically
that will hackers will put onto devices.
[cats meow]
That's not something we generally see in the real world.
[tense music]
It's a Unix system.
It's all the files of the whole park.
The girl gets to the computer and says,
It's a Unix system.
It doesn't look like a Unix system,
which is typically a terminal or a console window.
But it actually is Unix.
It tells you everything.
I gotta find the right file.
The 3D interface that she's using is a legitimate software
that a company called SGI made many years ago.
It's not something anyone actually uses.
It was really just about proof of concept
of using a 3D file system.
The reason no one would ever use it
is because it takes forever to navigate a 3D system
when you're just trying to find a file.
Hate this hacker crap!
Decrypting a file, The code.
I'm up in air in the video compression.
Can we fix that?
Maybe.
But, I would need to get online.
[keyboard clicks]
[tense music]
Here we see Jesse taking a corrupted video file.
And, for a moment
we see him start running a program called ffmpeg.
And, he essentially tries to remove corruption
from this video file.
And that's totally reasonable.
[keyboard clicks]
ffmpeg is meant for all sorts of modifications
or alterations to video images and audio.
So, for example, if you have something that's corrupt,
you could take all of the frames that are not corrupt,
extract them, and then reconstruct all of those frames
into a single video.
There was a part that was inaccurate
in where we saw the red, green, and blue channels
all visually come up.
While that would be possible to do,
ffmpeg, the tool itself is a terminal based tool.
So, it's all text-based despite operating on video image
and audio.
Can we fix that?
Maybe. But I would need to get online.
He asked to go online,
but if he already has that ffmpeg tool
downloaded to his machine,
there's actually no reason for him to go online.
So, who knows what he was actually doing?
Sometimes you do hear of hackers getting sentenced
not to use computers or be on the internet.
Unfortunately, that occurred to me
earlier in my life for several years.
I don't know if we want to go into it.
[Samy laughs]
Now I'm allowed to be on the internet.
[Samy laughs]
Hardware hacking, Firewall.
I need my daughter's MP3 player to use as a hard drive.
Here we see Jack Stanfield using his daughter's ipods
to store data while under duress in a kidnapping situation.
This is the scanner head and the fax machine.
Yeah.
And you'll capture the images of the account numbers
off the server screen and transfer them to this.
That's totally realistic.
If you think about an MP3, it's just a digital format
of audio.
And audio is really just an analog signal.
So, you can convert that into a digital format
and-
Just like you can convert any other data
into some digital format.
But, they're still just images,
what are you going to do with them?
Use an OCR program to convert it to data
that the computer can use.
He also mentions using OCR,
which is object character recognition.
So, if I were to take a screenshot of a bank account,
it's an image, there's not actually text in it,
even though I can read the text.
OCR software would then convert that
and extract all of the text from it
without me having to type it in manually.
10,000 songs, 10,000 account codes,
it doesn't know the difference.
The only thing he doesn't go over here
is how he converts the images from the scanner
into the MP3s.
You do need some conversion to occur.
So, that needs to be a computer or a microcontroller
or something.
Should work.
Hacking a smart fridge, Silicon Valley.
Hello my cofriend.
[fridge dings]
Hello?
[Fridge] Huh, suck it Jin-Yang.
Mm, ah huh.
Your attacking and destroying my refrigerator?
And you misspell my name.
Essentially, smart fridges themselves
are really just computers.
They're running some operating system,
maybe a stripped down version of Linux.
When I was able to brute force the backdoor password
to that chrome piece of shit in under 12 hours.
What Gilfoyle was saying
is that he was able to brute force the password.
All that means is
he went through millions and millions of passwords
trying to authenticate through some mechanism
that the refridge exposed.
Maybe it's connected to the WiFi network
and it has a port open that you can then connect to.
That is a possible scenario.
A back door is a way to log in or authenticate into a system
without going through the traditional mechanism.
So, maybe a website has a username and password field.
A backdoor would be a special URL
that you wouldn't need to enter any username or password
But I added a little visual flair.
[Fridge] Huh, suck it.
[tense music]
Hacking an ATM pin, Terminator 2: Judgment Day.
[Boy 1] Please insert your stolen card now.
[ATM revs]
[keyboard clicks]
They insert a device that looks like a credit card
tied to a computer with a ribbon cable.
And it looks to do some type of brute force of the pin code.
Go baby, go baby, go baby.
Right.
Yes!
Easy money.
Some of this could be possible.
The problem is the pin code has nothing to do
with the data on the credit card,
nor is it ever inserted within the credit card slot.
Those are two independent systems.
What they're doing here with the pin
just isn't talking to the right system.
So, they'd have to be plugged into something else
in order to even attempt an attack like this.
[Boy 2] Where did you learn this stuff from anyway?
From my mom.
Destroying a hard drive, The Core.
This is the FBI, we have a warrant.
[Man] Shit!
[electronic music]
[toaster hisses]
[microwave hums]
In this scene, the main character is trying to wipe,
delete, purge any data he can
from a number of different data storage types.
[electronic music]
He takes some pretty big magnets
and he goes over, what I assume are hard drives.
Which would work
for traditional spinning platter hard drives.
That would erase a lot of the data
as the data is kept in magnetic fields.
If I had to destroy something
like a traditional spinning hard drive,
then I probably would do something similar by using magnets.
But, ideally, I would also want to open it after the fact
and then crush it into bits.
The more small pieces you have,
the less data someone will be able to extract
and be able to put them together.
[electronic music]
[microwave hums]
[microwave dings]
He also throws some CDs or DVDs into a microwave.
The data there is actually stored within the polycarbonate.
So, if he had a sufficient time to melt it
he could make it disappear,
but it just depends on that amount of time.
[electronic music]
[Man] Purge.
He also deleted some data, just using software.
Now, a quick software delete, in the period of time he had,
which was only a few seconds.
While that appears to delete the files,
it actually doesn't delete the data.
All it does is tell your hard drive or your computer
that the data in this sector is now free.
In order to actually delete data from a drive
you actually need to overwrite that data.
And typically you want to overwrite it several times.
Then, for a safe measure,
hit it with a hammer a bunch of times.
I know these look like computers,
totally not.
Faraday cage, Enemy of the state.
[machine grinds]
This is where I work.
Completely secure.
Copper wire mesh keeps the radio signals out.
He says this copper wire cage or a faraday cage
keeps radio signals out.
Normally that is true.
When you have a conductive mesh or a metallic mesh,
the only thing that can penetrate that mesh
are wavelengths that are essentially smaller
than the mesh itself.
So, the holes themselves.
But, in this case,
there is a lot of radio frequency
that can fit in that wavelength.
So, really, even something like five gigahertz,
Wifi would be able to penetrate that mesh.
If the mesh were smaller,
then it would be able to block a lot more radio frequency.
Hate to see the chicken that lives in this coop.
Acoustic analysis, Eagle Eye.
[computer whines]
Sir, all the threats we've been tracking chatter all-
Hold it.
In this scene a couple of things are happening.
There is a voice over IP phones
that they ultimately disconnect
to prevent someone from snooping or enabling the microphones.
It shows that the camera is essentially able to read lips.
[camera beeps]
Really creative and absolutely doable with software today.
[camera beeps]
[Woman] Section 216 of the Patriot Act.
What they didn't expect, and, which is really creative,
is they're actually using acoustic analysis
to look at vibrations off the coffee cup that was there.
So, when you're speaking or when someone's speaking
they are moving air molecules
and that's going at a certain frequency
based off the frequency of their sound.
When that hits something like the drink,
you're actually able to convert that physical change
of that liquid back into audio.
Because, essentially, it's moving at the frequency of sound.
And if you can visually see that,
you can then convert that visual frequency
back into the frequency of sound and hear it.
So, it's actually a very creative, but it is doable.
Denial of service attack, Ralph Breaks the Internet.
[Malicious character] Scanning for insecurities.
Come on, don't leave me!
[Malicious character] Insecurity detected.
[creature fires]
In this clip, we see some sort of malicious system
that is finding this insecurity in Ralph.
And they're essentially duplicating Ralph
and duplicating this insecurity
which then takes over all sorts of websites, sops.
It starts interfering with people's web browsers.
The internet is under assault
as a massive denial of service attack
crashes servers across the web.
Denial of service
typically isn't going to do something manipulative
like alter your web browser or alter a video feed.
Instead, its goal is one simple thing
and that's to bring a system down.
While this is a pretty unrealistic
I think we can give Ralph a pass here,
just for his insecurity.
[girl yells]
Hijacking a TV channel, V for Vendetta.
[static hisses]
For god-
Dad, what's wrong with the tele?
Good evening London.
In this scene,
we see someone essentially taking over a TV station.
In this case, I don't consider this hacking,
because they essentially already have the capability,
they're in the station and they have the ability
to already override the video that's been playing right now.
What makes it a little less unlikely,
is that they're also taking over billboards.
And often those are coming off a separate feed
off some prerecorded video.
Granted, those could be based off of live video as well.
In Tim Burton's Batman,
we do see something similar
where a live newscast is taken over by the Joker.
Now, that is actually a lot more realistic
and is an actual hack
because often, live broadcasts are being aired over radio.
So, if someone can intercept,
and by intercept I just mean send a stronger signal,
and they can actually override that signal
if they can hit the receiver and take over that.
So, that is something that can happen
and has happened in the past.
He don't look happy.
He's been using Brand X.
Stock market hack, Who Am I?
[rock music]
In this clip they're on the roof
of what appears to be a stock exchange.
And they're somehow connecting to the network.
This, by itself, is going to be a little challenging
because there are many different networks
and just being on the roof
is typically not enough to jump on the network.
We do see them run something called bashbufferoverflow.sh
and some number.
And bufferoverflow is a common technique
to exploit various types of software
by overflowing their memory so much
that you get to a point in memory
that you can tell the processor where to run code,
and you can then point that back
to the original memory you overflowed
and that's now your code.
So, it's a way to take over a computer
just by inputting some data.
What they're demonstrating
is that they were able to connect to
and then run their own code
and run their own instructions.
[rock music]
[speaking in foreign language]
We're also seeing, essentially, video of a graph.
And that chart is probably going to be extracted
from some other locations,
maybe from a website or from some other feed.
So, it might be possible,
but it's going to be challenging to do this.
[rock music]
[All] Yeah!
Autonomous vehicle exploitation, Fate of the Furious.
There's over a thousand of them.
Hack 'em all.
[computer squeaks]
[engine starts]
[tires squeal]
In this clip we see a bunch of cars
getting hacked and taken over.
Some of this could be possible.
And there's a pretty incredible demonstration
of this type of attack
where they were able to take a Jeep
that was driving on the road
with someone from Wired inside.
And they were able to take that car over.
They first started just controlling the windshield wipers,
adjusting the radio,
and then actually started messing
with the controls of the vehicle, like the throttle.
And that's because some vehicles
do have these components computerized.
However, what they're showing here
where they're just arbitrarily choosing cars to take over
is really unlikely because it's a lot of effort
and it's typically a targeted attack.
You have to really know the vehicle
that you are trying to get to first.
[speaking in foreign language]
[cars crunch]
Ouch.
You see a bunch of cars
that are actually parked and they start driving.
Well, that's not going to happen
if you have something like an e-brake.
As far as I know today
there aren't many vehicles with a computerized e-brake.
So, we're just seeing way too many vehicles
doing way too many things
they simply don't have the capability to.
I'd buckle up if I were you.
Credential hack, Mission: Impossible - Ghost Protocol.
[machine whines]
[machine beeps]
In this scene we see Ethan Hunt
going into a government building.
He reveals his credentials
and the person working behind the desk
starts scanning the credentials.
[speaking in foreign language]
He looks at kind of what percentage of this hacking
is being done.
This seems pretty unlikely for a couple of reasons.
For one, when you're talking about a credential
or authorization system,
it's likely not going to be on some wireless network.
Even if you do have a wireless network
in a government building,
it's again, likely not tied to a security checkpoint.
Another problem here is
that we see a percentage of completion.
You almost never have percentages
when you're talking about hacking.
Either you have found a mechanism to get in or you haven't.
So, the loading bar in hacking scenes
is usually not very accurate.
Love your disguise by the way.
Max booth, Mr. Robot.
[funk music]
Thanks doll.
In this scene, we see Darlene
take a little magnetic read head
and take a hotel card and scan it.
And then store it into the device called MagSpoof.
And then she goes up to the hotel room
and she essentially hits play,
which either replays that
or it brute forces the code and that unlocks the door.
And that is something that can absolutely occur.
MagSpoof is a device I personally created
and it's designed to essentially perform penetration testing
around different types of mag stripes,
primarily around credit cards.
The device itself is an electromagnet.
And what all that means is
it's able to create a magnetic field,
both in North and South.
The writers of Mr. Robot were really creative here
and asked if this were possible
on hotel mag stripes, and it's entirely possible.
And they actually came up with the idea
of taking that same device and using it here in a hotel
to brute force through various numeric codes for a room
just by having somebody else's room card.
And that's a totally feasible scenario.
Hacking at an Apple store,
Captain America: The Winter Soldier.
[computer beeps]
[Woman] Now, it's trying to hide something.
Can I help you guys with anything?
Oh no, my fiance was just helping me
with some honeymoon destinations.
It seems that, really, what they're trying to do
is just hide who they are and what they're doing.
So, they're going to an Apple store
so they can take the IP address
of the Apple store rather than doing it safe
from their home or office or Captain America network.
How much time do we have?
Uh, about nine minutes from
now.
Generally, you wouldn't want to do it in an Apple store.
For one, they're going to have a lot of cameras.
So, all they have to do is correlate the time,
the computer and then look at the video feed
and they might be able to capture who was there.
Well, maybe we can find out where it came from.
There was an art prank done,
many years ago at an Apple store in New York.
The creator, Kyle,
ended up getting the secret service sent to his house.
So, you probably don't want to try this.
Congratulations, where you guys thinking about going?
New Jersey.
[Man] Huh.
If you did want to actually perform attacks
and hide your IP address,
it would make more sense to have some sort of device,
say a Raspberry Pi computer connected to a solar panel,
throw it on top of a store and then connect to that.
So, that is now connecting to the free wifi
of somewhere nearby.
And now, you're sort of proxied, there's no video of you,
you're not at the store,
but you're taking advantage of their IP address.
And now it's going to be much harder to link back to you.
Person who developed this is slightly smarter than me,
slightly.
A phishing attack, Oceans Eight.
[computer dings]
[mouse clicks]
[man gasps]
Rihanna, or Nine Ball, is trying to phish somebody.
She's constructing an email or message.
It has some link that the person clicks
and then that person had their camera engaged,
and the video feed went back to Nine Ball.
That is pretty unlikely.
In order to actually enable somebody's web camera,
you need to get code to execute on their computer.
That's usually very difficult.
When you employ those attacks, and they get executed,
they're going to be discovered pretty quickly,
if you start using it.
And it's going to be patched pretty quickly.
So, it's not to say it's not possible.
It's just that, once you start using these types of attacks,
you're essentially burning them.
Otherwise a phishing attack by itself,
getting someone to click something,
or visit a malicious link, that is pretty easy to do.
And that happens honestly, every day.
You poor thing.
Discovering a worm, Hackers.
[rock music]
[paper rustles]
[Man] It isn't a virus, it's a worm.
Here we see Zero Cool doing some sort of investigation.
We do see a lot of algebraic formulas, unfortunately.
Which have really nothing to do with what he's doing.
Granted, if you're programming,
you will be writing a lot of algorithms,
but you're never doing it in,
let's say the algebraic format that they're showing.
[Man] It isn't a virus, it's a worm.
The worm eats a few cents from each transaction.
And when the worm's ready,
it zips out with the money and erases it's tracks.
He says this is a worm and not a virus.
And that seems true.
Essentially, we think of a virus as some piece of software
or malware that requires some action by a user
in order for it to execute.
Where, a worm is more likely something
that requires little to no action in order to proliferate.
By this point,
it's already running at twice the speed as when it started.
When I was younger,
I did accidentally release a worm on a site
popular many years ago called Myspace.
All it did was,
someone would visit my profile,
without knowing it, they would add me as a friend
and the code would copy to their profile.
That means when someone visits their profile,
the code would copy to their profile.
Within about 24 hours over a million people were infected.
It said, Samy is my hero on all these profiles
and Myspace had to shut down in order to remove this worm.
Unfortunately for me,
I couldn't touch a computer for several years.
I wasn't allowed on the internet
until I went back to a judge.
Now we're here.
[Samy laughs]
Crash 1,507 systems in one day?
Aptitude test, Snowden.
We're going to start with an aptitude test.
[electronic music]
The average test time is five hours.
If you take more than eight, you will fail.
I don't know whether aptitude tests like this
happen in government, I can only assume they do.
I know with a lot of companies,
you will go through some types of tests.
You will be on the spot.
You will be given a computer
or you'll be given a whiteboard.
And they'll say, Okay, do X.
You know, Write some software to perform this.
So, there are realistic tests like this.
[electronic music]
It's actually interesting
because they're running legitimate commands.
We see nmap run a few times.
We see tar, an archiving utility used to compress some data
and then extract that data.
A lot of this was extremely realistic.
I'm really just nitpicking,
but a couple of those commands had a verbose flag enabled,
which should have output a lot more data,
but they did not output any data.
But, otherwise it seemed like a reasonable clip.
Eyes on screens.
[Man] We don't have enough card space
to do all the other clips.
Does anyone have an ipods?
[men laugh]
[bell dings]
[Narrator] Conclusion.
Hacking itself
is not always the most glamorous to look at.
However, we are seeing more and more hardware type hacking
where people are taking physical devices
and moving hacking into the real world.
[gentle music]
And that by itself, I think, looks more interesting.
[Man] And that's a wrap.
[group applauds]
All right, guys, from the top.
[men laugh]
Movie Accent Expert Breaks Down Actors Playing Real People
Accent Expert Breaks Down 6 Fictional Languages From Film & TV
Movie Accent Expert Breaks Down Actors' Accents
Surgical Resident Breaks Down Medical Scenes From Film & TV
Forensics Expert Examines Crime Scene Investigations From Film & TV
Movie Accent Expert Breaks Down 28 More Actors' Accents
Lawyer Breaks Down Courtroom Scenes From Film & TV
Former CIA Chief of Disguise Breaks Down Spy Scenes From Film & TV
Surgical Resident Breaks Down More Medical Scenes From Film & TV
Movie Accent Expert Breaks Down Actors Playing Presidents
Accent Expert Breaks Down 17 More Actors Playing Real People
Forensics Expert Examines 25 More Crime Scene Investigations From Film & TV
Pro Driver Breaks Down Driving Scenes From Film & TV
Disease Expert Breaks Down Pandemic Scenes From Film & TV
NASA Astronaut Breaks Down Space Scenes From Film & TV
Surgeon Breaks Down 22 Medical Scenes From Film & TV
Pro Driver Breaks Down More Driving Scenes From Film & TV
Lawyer Breaks Down 17 More Courtroom Scenes From Film & TV
Robotics Expert Breaks Down Robot Scenes From Film & TV
NASA Astronaut Breaks Down More Space Scenes From Film & TV
Robotics Expert Breaks Down More Robot Scenes From Film & TV
Physics Expert Breaks Down Superhero Physics From Film & TV
Airline Pilot Breaks Down Flying Scenes From Film & TV
Fight Master Breaks Down Sword Fighting From Film & TV
Former US Air Force Fighter Pilot Breaks Down 12 Fighter Pilot Scenes From Film & TV
Retired FBI Agent Breaks Down Surveillance Scenes From Film & TV
Conductor Breaks Down Orchestra Scenes From Film & TV
Hacker Breaks Down Hacking Scenes From Movies & TV
Former Army Intel Director Breaks Down Spy Satellite Scenes From Movies & TV
Surgeon Breaks Down 16 Medical Scenes From Film & TV
Bug Expert Breaks Down Bug Scenes From Movies & TV
Mortician Breaks Down Dead Body Scenes From Movies & TV
Aquanaut Breaks Down Ocean Exploration Scenes From Movies & TV
Chemist Breaks Down 22 Chemistry Scenes From Movies & TV
Military Historian Breaks Down Medievals Weapons in Video Games
Hacker Breaks Down 26 Hacking Scenes From Movies & TV
"2034" Co-Authors Break Down Warfare Scenes From Film & TV